{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-20T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-20T23:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://openwall.com/lists/oss-security/2017/07/20/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://groups.google.com/forum/#%21topic/nix-security-announce/qrDU0KH_ZRk"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/NixOS/nixpkgs/issues/27506"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11501", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://openwall.com/lists/oss-security/2017/07/20/1", "refsource": "CONFIRM", "url": "http://openwall.com/lists/oss-security/2017/07/20/1"}, {"name": "https://groups.google.com/forum/#!topic/nix-security-announce/qrDU0KH_ZRk", "refsource": "CONFIRM", "url": "https://groups.google.com/forum/#!topic/nix-security-announce/qrDU0KH_ZRk"}, {"name": "https://github.com/NixOS/nixpkgs/issues/27506", "refsource": "CONFIRM", "url": "https://github.com/NixOS/nixpkgs/issues/27506"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:12:40.130Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2017/07/20/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://groups.google.com/forum/#%21topic/nix-security-announce/qrDU0KH_ZRk"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/NixOS/nixpkgs/issues/27506"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11501", "datePublished": "2017-07-20T23:00:00.000Z", "dateReserved": "2017-07-20T00:00:00.000Z", "dateUpdated": "2024-08-05T18:12:40.130Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nixos_project:nixos:*:*:*:*:*:*:*:*", "matchCriteriaId": "17B2506F-7453-4F4D-BC34-94FD6A02DB24", "versionEndIncluding": "17.03", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf."}, {"lang": "es", "value": "NixOS versi\u00f3n 17.03 y anteriores tienen una ausencia predeterminada involuntaria de la comprobaci\u00f3n de certificado SSL para LDAP. El m\u00f3dulo users.ldap NixOS implementa la identificaci\u00f3n de usuarios contra servidores LDAP por medio de un m\u00f3dulo PAM. Se encontr\u00f3 que si TLS est\u00e1 habilitado para conectarse al servidor LDAP con users.ldap.useTLS, la verificaci\u00f3n entre iguales se deshabilitar\u00e1 incondicionalmente en /etc/ldap.conf."}], "id": "CVE-2017-11501", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-20T23:29:00.247", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Mitigation", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2017/07/20/1"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/NixOS/nixpkgs/issues/27506"}, {"source": "cve@mitre.org", "url": "https://groups.google.com/forum/#%21topic/nix-security-announce/qrDU0KH_ZRk"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Mitigation", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2017/07/20/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/NixOS/nixpkgs/issues/27506"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://groups.google.com/forum/#%21topic/nix-security-announce/qrDU0KH_ZRk"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}